diff options
| author | Julian Andres Klode <julian.klode@canonical.com> | 2025-01-27 17:34:45 +0100 |
|---|---|---|
| committer | Julian Andres Klode <julian.klode@canonical.com> | 2025-01-28 19:48:47 +0100 |
| commit | 4059a1544323b945a81e5ef0faea4a3b109f36bf (patch) | |
| tree | eb7cb387e75de057ef3e8cd56e00f13882ebc9a0 | |
| parent | 9d7a660611e9e134cd6d74a594bde59cad77c8d8 (diff) | |
Make notices about .list sources without signed-by less obnoxious
| -rw-r--r-- | apt-private/private-update.cc | 41 | ||||
| -rwxr-xr-x | test/integration/test-apt-get-update-sourceslist-warning | 20 |
2 files changed, 41 insertions, 20 deletions
diff --git a/apt-private/private-update.cc b/apt-private/private-update.cc index 2b96f48fb..bd8823568 100644 --- a/apt-private/private-update.cc +++ b/apt-private/private-update.cc @@ -106,23 +106,40 @@ bool DoUpdate() if (_config->FindB("APT::Get::Update::SourceListWarnings::SignedBy", SLWarnings)) { - bool allDeb822 = true; + bool modernize = false; for (auto *S : *List) { - if (not S->GetSignedBy().empty()) - continue; - URI uri(S->GetURI()); - // TRANSLATOR: the first is manpage reference, the last the URI from a sources.list - _error->Notice(_("Missing Signed-By in the %s entry for '%s'"), - "sources.list(5)", URI::ArchiveOnly(uri).c_str()); - allDeb822 &= S->HasFlag(metaIndex::Flag::DEB822); + + if (not S->HasFlag(metaIndex::Flag::DEB822)) + { + // TRANSLATOR: the first is manpage reference, the last the URI from a sources.list + _error->Audit(_("The %s entry for '%s' should be upgraded to deb822 .sources"), + "sources.list(5)", URI::ArchiveOnly(uri).c_str()); + } + if (S->GetSignedBy().empty()) + { + if (S->HasFlag(metaIndex::Flag::DEB822)) + { + // TRANSLATOR: the first is manpage reference, the last the URI from a sources.list + _error->Notice(_("Missing Signed-By in the %s entry for '%s'"), + "sources.list(5)", URI::ArchiveOnly(uri).c_str()); + } + else + { + // TRANSLATOR: the first is manpage reference, the last the URI from a sources.list + _error->Audit(_("Missing Signed-By in the %s entry for '%s'"), + "sources.list(5)", URI::ArchiveOnly(uri).c_str()); + modernize = true; + } + } } - if (not allDeb822) + if (modernize) { - _error->Notice(_("Consider migrating all sources.list(5) entries to the deb822 .sources format")); - _error->Notice(_("The deb822 .sources format supports both embedded as well as external OpenPGP keys")); - _error->Notice(_("See apt-secure(8) for best practices in configuring repository signing.")); + _error->Audit(_("Consider migrating all sources.list(5) entries to the deb822 .sources format")); + _error->Audit(_("The deb822 .sources format supports both embedded as well as external OpenPGP keys")); + _error->Audit(_("See apt-secure(8) for best practices in configuring repository signing.")); + _error->Notice(_("Some sources can be modernized. Run 'apt modernize-sources' to do so.")); } } diff --git a/test/integration/test-apt-get-update-sourceslist-warning b/test/integration/test-apt-get-update-sourceslist-warning index 7e27e4825..5a941dae6 100755 --- a/test/integration/test-apt-get-update-sourceslist-warning +++ b/test/integration/test-apt-get-update-sourceslist-warning @@ -46,14 +46,18 @@ msgmsg 'Detect login info embedded in sources.list' echo 'deb http://apt:debian@example.org/debian bookworm main' > rootdir/etc/apt/sources.list.d/example.list testsuccessequal "$BOILERPLATE N: Usage of apt_auth.conf(5) should be preferred over embedding login information directly in the sources.list(5) entry for 'http://example.org/debian' -N: Missing Signed-By in the sources.list(5) entry for 'http://example.org/debian' -N: Consider migrating all sources.list(5) entries to the deb822 .sources format -N: The deb822 .sources format supports both embedded as well as external OpenPGP keys -N: See apt-secure(8) for best practices in configuring repository signing." apt update --no-download +A: The sources.list(5) entry for 'http://example.org/debian' should be upgraded to deb822 .sources +A: Missing Signed-By in the sources.list(5) entry for 'http://example.org/debian' +A: Consider migrating all sources.list(5) entries to the deb822 .sources format +A: The deb822 .sources format supports both embedded as well as external OpenPGP keys +A: See apt-secure(8) for best practices in configuring repository signing. +N: Some sources can be modernized. Run 'apt modernize-sources' to do so." apt update --no-download --audit echo 'deb tor+https://apt:debian@example.org/debian bookworm main' > rootdir/etc/apt/sources.list.d/example.list testsuccessequal "$BOILERPLATE N: Usage of apt_auth.conf(5) should be preferred over embedding login information directly in the sources.list(5) entry for 'tor+https://example.org/debian' -N: Missing Signed-By in the sources.list(5) entry for 'tor+https://example.org/debian' -N: Consider migrating all sources.list(5) entries to the deb822 .sources format -N: The deb822 .sources format supports both embedded as well as external OpenPGP keys -N: See apt-secure(8) for best practices in configuring repository signing." apt update --no-download +A: The sources.list(5) entry for 'tor+https://example.org/debian' should be upgraded to deb822 .sources +A: Missing Signed-By in the sources.list(5) entry for 'tor+https://example.org/debian' +A: Consider migrating all sources.list(5) entries to the deb822 .sources format +A: The deb822 .sources format supports both embedded as well as external OpenPGP keys +A: See apt-secure(8) for best practices in configuring repository signing. +N: Some sources can be modernized. Run 'apt modernize-sources' to do so." apt update --no-download --audit |
